Linode Forum
Linode Community Forums 		 FAQFAQ    SearchSearch    MembersMembers      Register Register 
 LoginLogin [ Anonymous ] 
Post new topic  Reply to topic

Board index » Linux Community Forums » General Discussion
  Previous topic | Next topic 
Author Message
DigitalNoise
PostPosted: Tue May 22, 2012 1:23 am 
Offline
Senior Newbie

Joined: Tue May 22, 2012 1:13 am
Posts: 12
First, I just want to say that I've tried searching for the issue I keep running into, but I haven't found anyone with the exact same problem...

Image: Ubuntu 12.04

So, the good news:

I can log into the Linode remotely with either root (bad) or the new user I created (good). PuTTY works just great for this (I'm on Win 7 64bit if it matters).

The Bad News:

No matter what I try, I cannot get Public/Private keys to work. I've followed the instructions in the Securing Your Server - Using SSH Key Pair Authentication to a T (despite step one being a bit misleading when it points Windows users to the PuTTY guide to generate SSH keys - that guide has nothing about SSH keys in it).

I used PuTTYgen to generate my public/private key pair, uploaded it and followed steps 4 - 6 in the Securing Your Server document above.

I figured out how to tell PuTTY which private key file to use. But whenever I connect to the server, I'm still prompted for a username/password, and I'm never prompted for my private key-phrase.

I don't get any error messages - but it seems to just ignore the keyfile(s) entirely. Is there a configuration step that's missing?
Top
   
Reply with quote  
theckman
 Post subject:
PostPosted: Tue May 22, 2012 1:38 am 
Offline
Sysop

Joined: Sat Nov 27, 2010 3:32 am
Posts: 180
Website: https://blog.timheckman.net/
Location: San Francisco, CA
When exporting your key out of PuttyGen to upload to your server, did you convert it to OpenSSH format? It needs to be in this format so you can use it on your Linode (or any Linux system for that matter).

-Tim
Top
   
Reply with quote  
DigitalNoise
 Post subject:
PostPosted: Tue May 22, 2012 1:49 am 
Offline
Senior Newbie

Joined: Tue May 22, 2012 1:13 am
Posts: 12
theckman wrote:
When exporting your key out of PuttyGen to upload to your server, did you convert it to OpenSSH format? It needs to be in this format so you can use it on your Linode (or any Linux system for that matter).

-Tim


No, I didn't (none of the guides made mention of that). I just went in and loaded my private key and then went to "Conversions -> Export OpenSSH Key" and created a new public key file. I deleted everything under my user .ssh directory (rm -r .ssh) and repeated steps 4 - 6 to install the file and set permissions.

Logged out, connected - still prompted for a username and password.
Top
   
Reply with quote  
theckman
 Post subject:
PostPosted: Tue May 22, 2012 2:14 am 
Offline
Sysop

Joined: Sat Nov 27, 2010 3:32 am
Posts: 180
Website: https://blog.timheckman.net/
Location: San Francisco, CA
That's because that article assumes you are creating the keys on the command-line using the ssh-keygen tool.

If you're using PuttyGen, which you need to if you'll be using PuTTy, you need to output the key in OpenSSH format and then put that in your ~/.ssh/authorized_keys file.

-Tim
Top
   
Reply with quote  
kyrunner
PostPosted: Tue May 22, 2012 6:08 am 
Offline
Senior Member
User avatar

Joined: Sat Feb 25, 2012 4:44 pm
Posts: 71
Website: http://inhomeitsupport.com
DigitalNoise wrote:
First, I just want to say that I've tried searching for the issue I keep running into, but I haven't found anyone with the exact same problem...

Image: Ubuntu 12.04

So, the good news:

I can log into the Linode remotely with either root (bad) or the new user I created (good). PuTTY works just great for this (I'm on Win 7 64bit if it matters).

The Bad News:

No matter what I try, I cannot get Public/Private keys to work. I've followed the instructions in the Securing Your Server - Using SSH Key Pair Authentication to a T (despite step one being a bit misleading when it points Windows users to the PuTTY guide to generate SSH keys - that guide has nothing about SSH keys in it).

I used PuTTYgen to generate my public/private key pair, uploaded it and followed steps 4 - 6 in the Securing Your Server document above.

I figured out how to tell PuTTY which private key file to use. But whenever I connect to the server, I'm still prompted for a username/password, and I'm never prompted for my private key-phrase.

I don't get any error messages - but it seems to just ignore the keyfile(s) entirely. Is there a configuration step that's missing?



Search for my name In the forums I created a step by step guide for doing this about a month ago
Top
   
Reply with quote  
kyrunner
 Post subject:
PostPosted: Tue May 22, 2012 6:11 am 
Offline
Senior Member
User avatar

Joined: Sat Feb 25, 2012 4:44 pm
Posts: 71
Website: http://inhomeitsupport.com
theckman wrote:
That's because that article assumes you are creating the keys on the command-line using the ssh-keygen tool.

If you're using PuttyGen, which you need to if you'll be using PuTTy, you need to output the key in OpenSSH format and then put that in your ~/.ssh/authorized_keys file.

-Tim


Hi Tim, can you use the write up I done awhile back? there is a tone of info missing in the linode wiki for setting up public keys.

viewtopic.php?t=8697&highlight=kyrunner
Top
   
Reply with quote  
DigitalNoise
 Post subject:
PostPosted: Tue May 22, 2012 8:47 am 
Offline
Senior Newbie

Joined: Tue May 22, 2012 1:13 am
Posts: 12
theckman wrote:
That's because that article assumes you are creating the keys on the command-line using the ssh-keygen tool.

If you're using PuttyGen, which you need to if you'll be using PuTTy, you need to output the key in OpenSSH format and then put that in your ~/.ssh/authorized_keys file.

-Tim


I'm sorry - in my original reply I meant that I went and tried that after reading your suggestion, and I'm still not having any luck. It still seems to just ignore the fact that there's any key file there at all.
Top
   
Reply with quote  
DigitalNoise
PostPosted: Tue May 22, 2012 8:48 am 
Offline
Senior Newbie

Joined: Tue May 22, 2012 1:13 am
Posts: 12
kyrunner wrote:
DigitalNoise wrote:
First, I just want to say that I've tried searching for the issue I keep running into, but I haven't found anyone with the exact same problem...

Image: Ubuntu 12.04

So, the good news:

I can log into the Linode remotely with either root (bad) or the new user I created (good). PuTTY works just great for this (I'm on Win 7 64bit if it matters).

The Bad News:

No matter what I try, I cannot get Public/Private keys to work. I've followed the instructions in the Securing Your Server - Using SSH Key Pair Authentication to a T (despite step one being a bit misleading when it points Windows users to the PuTTY guide to generate SSH keys - that guide has nothing about SSH keys in it).

I used PuTTYgen to generate my public/private key pair, uploaded it and followed steps 4 - 6 in the Securing Your Server document above.

I figured out how to tell PuTTY which private key file to use. But whenever I connect to the server, I'm still prompted for a username/password, and I'm never prompted for my private key-phrase.

I don't get any error messages - but it seems to just ignore the keyfile(s) entirely. Is there a configuration step that's missing?



Search for my name In the forums I created a step by step guide for doing this about a month ago


I haven't had a problem creating the key file or getting it uploaded and into the right directory with the right permission's - Linode's guide is quite clear about those parts.

My issue is that Ubuntu just seems to ignore the fact that there's any key file there at all.
Top
   
Reply with quote  
kyrunner
 Post subject:
PostPosted: Tue May 22, 2012 10:28 am 
Offline
Senior Member
User avatar

Joined: Sat Feb 25, 2012 4:44 pm
Posts: 71
Website: http://inhomeitsupport.com
run this command on your authorized_key file.

ls -l authorized_keys
Top
   
Reply with quote  
DigitalNoise
 Post subject:
PostPosted: Tue May 22, 2012 2:52 pm 
Offline
Senior Newbie

Joined: Tue May 22, 2012 1:13 am
Posts: 12
kyrunner wrote:
run this command on your authorized_key file.

ls -l authorized_keys


Code:
blah@blah:~/.ssh$ ls -l authorized_keys                                                    
-rw------- 1 blah blah 963 May 22 00:40 authorized_keys


Top
   
Reply with quote  
kyrunner
 Post subject:
PostPosted: Tue May 22, 2012 3:08 pm 
Offline
Senior Member
User avatar

Joined: Sat Feb 25, 2012 4:44 pm
Posts: 71
Website: http://inhomeitsupport.com
DigitalNoise wrote:
kyrunner wrote:
run this command on your authorized_key file.

ls -l authorized_keys


Code:
blah@blah:~/.ssh$ ls -l authorized_keys                                                    
-rw------- 1 blah blah 963 May 22 00:40 authorized_keys



run this command grep -v "^#" /etc/ssh/sshd_config
Top
   
Reply with quote  
DigitalNoise
 Post subject:
PostPosted: Tue May 22, 2012 3:30 pm 
Offline
Senior Newbie

Joined: Tue May 22, 2012 1:13 am
Posts: 12
kyrunner wrote:
DigitalNoise wrote:
kyrunner wrote:
run this command on your authorized_key file.

ls -l authorized_keys


Code:
blah@blah:~/.ssh$ ls -l authorized_keys                                                    
-rw------- 1 blah blah 963 May 22 00:40 authorized_keys



run this command grep -v "^#" /etc/ssh/sshd_config


Code:
blah@blah:~$ grep -v "^#" /etc/ssh/sshd_config | more                                      
                                                                                                    
Port 22                                                                                             
Protocol 2                                                                                          
HostKey /etc/ssh/ssh_host_rsa_key                                                                   
HostKey /etc/ssh/ssh_host_dsa_key                                                                   
HostKey /etc/ssh/ssh_host_ecdsa_key                                                                 
UsePrivilegeSeparation yes                                                                          
                                                                                                    
KeyRegenerationInterval 3600                                                                        
ServerKeyBits 768                                                                                   
                                                                                                    
SyslogFacility AUTH                                                                                 
LogLevel INFO                                                                                       
                                                                                                    
LoginGraceTime 120                                                                                  
PermitRootLogin yes                                                                                 
StrictModes yes                                                                                     
                                                                                                    
RSAAuthentication yes                                                                               
PubkeyAuthentication yes                                                                            
                                                                                                    
IgnoreRhosts yes                                                                                    
RhostsRSAAuthentication no                                                                          
HostbasedAuthentication no                                                                          
                                                                                                    
PermitEmptyPasswords no                                                                             
                                                                                                    
ChallengeResponseAuthentication no                                                                  
                                                                                                    
                                                                                                    
                                                                                                    
                                                                                                    
X11Forwarding yes                                                                                   
X11DisplayOffset 10                                                                                 
PrintMotd no                                                                                        
PrintLastLog yes                                                                                    
TCPKeepAlive yes                                                                                    
                                                                                                    
                                                                                                    
AcceptEnv LANG LC_*                                                                                 
                                                                                                    
Subsystem sftp /usr/lib/openssh/sftp-server                                                         
                                                                                                    
UsePAM yes                                                                                         


I had to pipe it to more so I could copy/paste as I'm having to use the LISH Ajax console because Port 22 is blocked at work - I have a feeling that pretty much every port is going to be.

This is the default file - I've not made any changes to it as yet.
Top
   
Reply with quote  
DigitalNoise
 Post subject:
PostPosted: Tue May 22, 2012 9:31 pm 
Offline
Senior Newbie

Joined: Tue May 22, 2012 1:13 am
Posts: 12
I have at least gotten to this point:

Code:
Using username "blah".
Server refused our key
blah@12.34.56.78's password:


By disabling the use of Pagent in PuTTY.

Still don't understand why the keys are not being accepted. I've done research and I've done everything exactly the way many other sites indicate to set this up, but it doesn't work.
Top
   
Reply with quote  
TeddyR42
PostPosted: Tue May 22, 2012 10:09 pm 
Offline
Junior Member

Joined: Mon Jan 30, 2012 3:21 am
Posts: 29
Location: Glendale, CA
I had a similar problem a while back on a fedora 15 install...

The home folder for the user should have permissions

drwx------

The .ssh directory within the user home folder may need permissions

dr-x--x--x or dr-x------

the authorized_keys file within the .ssh directory in the home folder may need permissions (once modified)

-r-------
Top
   
Reply with quote  
DigitalNoise
 Post subject:
PostPosted: Tue May 22, 2012 10:29 pm 
Offline
Senior Newbie

Joined: Tue May 22, 2012 1:13 am
Posts: 12
Finally got it to work...

There is either an issue with PuTTYgen generating valid public SSH keys or with Ubuntu 12.04 accepting them, because:
  1. Rebooted into my local Ubuntu 10.10 install
  2. Ran ssh-keygen from the local console
  3. Performed steps 4 - 6 from the Linode Library guide to install the public key
  4. Tested from my local Ubuntu install - success!
  5. Rebooted back into Windows 7
  6. Imported private key generated from ssh-key into PuTTYgen
  7. Exported private key in PuTTY format
  8. Configured PuTTY to use key file from step 7.
  9. ?
  10. Profit!


Not sure which one would be at fault here, but at least it's working now.
Top
   
Reply with quote  
Display posts from previous:  Sort by  
Post new topic  Reply to topic

Board index » Linux Community Forums » General Discussion


Who is online

Users browsing this forum: No registered users and 0 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
RSS

Powered by phpBB® Forum Software © phpBB Group